Cheng Zhuo,Di Gao,Liangwei Liu

DOI: https://doi.org/10.1109/tbdata.2022.3216566

2024-01-01

IEEE Transactions on Big Data

Abstract:The deployment of deep learning applications has to address the increasing privacy concerns when using private and sensitive data for training. A conventional deep learning model is prone to privacy attacks that can recover the sensitive information from either model parameters or accesses to the inference model. Recently, differential privacy (DP) has been proposed to offer provable privacy guarantees by randomizing the training process of neural networks. However, many approaches tend to provide the worst case privacy protection for model publishing, inevitably impairing the accuracy of the trained models. Thus, we present a novel private knowledge transfer strategy, where the private teacher trained on sensitive data is not publicly accessible but the student models can be released with privacy guarantees. In this paper, a three-player (teacher-student-discriminator) learning framework, Private Knowledge Distillation with Generative Adversarial Networks (PKDGAN), is proposed, where the student acquires the distilled knowledge from the teacher and is trained with the discriminator to generate similar outputs as the teacher. Moreover, a cooperative learning strategy is also suggested to support the collective training of multiple students against the discriminator when each student is with insufficient unlabelled training data. To enforce rigorous privacy guarantees, PKDGAN applies a Rényi differential privacy mechanism throughout the training process, and use it with a moment accountant technique to track the privacy cost. PKDGAN allows students to be trained with unlabelled public data and very few epochs, which avoids the exposure of training data while ensuring model performance. In the experiments, PKDGAN is found to have consistently good performance on various datasets (MNIST, SVHN, CIFAR-10, and Market-1501). When compared to prior works [1], [2], PKDGAN exhibits 5-82% accuracy loss improvement without compromising any privacy guarantee.

Chang Xia,Jingyu Hua,Wei Tong,Sheng Zhong

DOI: https://doi.org/10.1016/j.cose.2019.101699

IF: 5.105

2020-01-01

Computers & Security

Abstract:In many cases, a service provider might require to aggregate data from end-users to perform mining tasks such as K -means clustering. Nevertheless, since such data often contain sensitive information. In this paper, we propose the first locally differentially private K -means mechanism under this distributed scenario. Differing from standard differentially private clustering mechanisms, the proposed mechanism doesn’t need any trusted third party to collect and preprocess users data. Our mechanism first perturbs users data locally to satisfy local differential privacy (LDP). Then it revises the traditional K -means algorithm to allow the service provider to obtain high-quality clustering results by collaborating with users based on the highly perturbed data. We prove that our mechanism can enable high utility clustering while guaranteeing local differential privacy for each user. We also propose an extended mechanism to improve our basic model in terms of privacy and utility. In this mechanism, we perturb both users’ sensitive data and the intermediate results of users’ clusters in each iteration. Moreover, we consider a more general setting where the users may have different privacy requirements. Extensive experiments are conducted on two real-world datasets, and the results show that our proposal can well preserve the quality of clustering results.

Fan Yuan,Dachuan Xu,Donglei Du,Min Li

DOI: https://doi.org/10.1007/s11590-023-02090-w

IF: 1.5288

2024-01-26

Optimization Letters

Abstract:Data privacy has become one of the most important concerns in the big data era. Because of its broad applications in machine learning and data analysis, many algorithms and theoretical results have been established for privacy clustering problems, such as k -means and k -median problems with privacy protection. However, there is little work on privacy protection in k -center clustering. Our research focuses on the k -center problem, its distributed variant, and the distributed k -center problem under differential privacy constraints. These problems model the concept of safeguarding the privacy of individual input elements, with the integration of differential privacy aimed at ensuring the security of individual information during data processing and analysis. We propose three approximation algorithms for these problems, respectively, and achieve a constant factor approximation ratio.

mathematics, applied,operations research & management science

Devvrat Joshi,Janvi Thakkar

DOI: https://doi.org/10.48550/arXiv.2301.02896

2023-01-08

Abstract:In today's data-driven world, the sensitivity of information has been a significant concern. With this data and additional information on the person's background, one can easily infer an individual's private data. Many differentially private iterative algorithms have been proposed in interactive settings to protect an individual's privacy from these inference attacks. The existing approaches adapt the method to compute differentially private(DP) centroids by iterative Llyod's algorithm and perturbing the centroid with various DP mechanisms. These DP mechanisms do not guarantee convergence of differentially private iterative algorithms and degrade the quality of the cluster. Thus, in this work, we further extend the previous work on 'Differentially Private k-Means Clustering With Convergence Guarantee' by taking it as our baseline. The novelty of our approach is to sub-cluster the clusters and then select the centroid which has a higher probability of moving in the direction of the future centroid. At every Lloyd's step, the centroids are injected with the noise using the exponential DP mechanism. The results of the experiments indicate that our approach outperforms the current state-of-the-art method, i.e., the baseline algorithm, in terms of clustering quality while maintaining the same differential privacy requirements. The clustering quality significantly improved by 4.13 and 2.83 times than baseline for the Wine and Breast_Cancer dataset, respectively.

Machine Learning

Zhigang Lu,Hong Shen

DOI: https://doi.org/10.1109/TDSC.2020.3043369

2020-02-04

Abstract:Iterative clustering algorithms help us to learn the insights behind the data. Unfortunately, this may allow adversaries to infer the privacy of individuals with some background knowledge. In the worst case, the adversaries know the centroids of an arbitrary iteration and the information of n-1 out of n items. To protect individual privacy against such an inference attack, preserving differential privacy (DP) for the iterative clustering algorithms has been extensively studied in the interactive settings. However, existing interactive differentially private clustering algorithms suffer from a non-convergence problem, i.e., these algorithms may not terminate without a predefined number of iterations. This problem severely impacts the clustering quality and the efficiency of a differentially private algorithm. To resolve this problem, in this paper, we propose a novel differentially private clustering framework in the interactive settings which controls the orientation of the movement of the centroids over the iterations to ensure the convergence by injecting DP noise in a selected area. We prove that, in the expected case, algorithm under our framework converges in at most twice the iterations of Lloyd's algorithm. We perform experimental evaluations on real-world datasets to show that our algorithm outperforms the state-of-the-art of the interactive differentially private clustering algorithms with guaranteed convergence and better clustering quality to meet the same DP requirement.

Cryptography and Security,Machine Learning

Mengmeng Yang,Longxia Huang,Chenghua Tang

DOI: https://doi.org/10.26599/bdma.2022.9020050

2023-01-01

Big Data Mining and Analytics

Abstract:With the development of information technology, a mass of data are generated every day. Collecting and analysing these data help service providers improve their services and gain an advantage in the fierce market competition. K-means clustering has been widely used for cluster analysis in real life. However, these analyses are based on users' data, which disclose users' privacy. Local differential privacy has attracted lots of attention recently due to its strong privacy guarantee and has been applied for clustering analysis. However, existing $K$ -means clustering methods with local differential privacy protection cannot get an ideal clustering result due to the large amount of noise introduced to the whole dataset to ensure the privacy guarantee. To solve this problem, we propose a novel method that provides local distance privacy for users who participate in the clustering analysis. Instead of making the users' records in-distinguish from each other in high-dimensional space, we map the user's record into a one-dimensional distance space and make the records in such a distance space not be distinguished from each other. To be specific, we generate a noisy distance first and then synthesize the high-dimensional data record. We propose a Bounded Laplace Method (BLM) and a Cluster Indistinguishable Method (CIM) to sample such a noisy distance, which satisfies the local differential privacy guarantee and local d E -privacy guarantee, respectively. Furthermore, we introduce a way to generate synthetic data records in high-dimensional space. Our experimental evaluation results show that our methods outperform the traditional methods significantly.

Tianjiao Ni,Minghao Qiao,Zhili Chen,Shun Zhang,Hong Zhong

DOI: https://doi.org/10.1016/j.neucom.2020.10.051

IF: 6

2020-01-01

Neurocomputing

Abstract:Differential privacy is widely used in data analysis. State-of-the-art k-means clustering algorithms with differential privacy typically add an equal amount of noise to centroids for each iterative computation. In this paper, we propose a novel differentially private k-means clustering algorithm, DP-KCCM, that significantly improves the utility of clustering by adding adaptive noise and merging clusters. Specifically, to obtain k clusters with differential privacy, the algorithm first generates n×k initial centroids, adds adaptive noise for each iteration to get n×k clusters, and finally merges these clusters into k ones. We theoretically prove the differential privacy of the proposed algorithm. Surprisingly, extensive experimental results show that: 1) cluster merging with equal amounts of noise improves the utility somewhat; 2) while adding adaptive noise only does not improve the utility, combining both cluster merging and adaptive noise further improves the utility significantly.

Yuqing Zhu,Xiang Yu,Manmohan Chandraker,Yu-Xiang Wang

DOI: https://doi.org/10.1109/cvpr42600.2020.01187

2020-06-01

Abstract:With increasing ethical and legal concerns on privacy for deep models in visual recognition, differential privacy has emerged as a mechanism to disguise membership of sensitive data in training datasets. Recent methods like Private Aggregation of Teacher Ensembles (PATE) leverage a large ensemble of teacher models trained on disjoint subsets of private data, to transfer knowledge to a student model with privacy guarantees. However, labeled vision data is often expensive and datasets when split into many disjoint training sets lead to significantly sub-optimal accuracy and thus hardly sustain good privacy bounds. We propose a practically data-efficient scheme based on private release of k-nearest neighbor (kNN) queries, which altogether avoids splitting the training dataset. Our approach allows the use of privacy-amplification by subsampling and iterative refinement of the kNN feature embedding. We rigorously analyze the theoretical properties of our method and demonstrate strong experimental performance on practical computer vision datasets for face attribute recognition and person reidentification. In particular, we achieve comparable or better accuracy than PATE while reducing more than 90% of the privacy loss, thereby providing the “most practical method to-date” for private deep learning in computer vision. 11Code is available at https://github.com/jeremy43/Private_kNN Code is available at https://github.com/jeremy43/Private_kNN

Di Gao,Cheng Zhuo

DOI: https://doi.org/10.3233/FAIA200294

2020-01-01

Abstract:The deployment of deep learning applications has to address the growing privacy concerns when using private and sensitive data for training. A conventional deep learning model is prone to privacy attacks that can recover the sensitive information of individuals from either model parameters or accesses to the target model. Recently, differential privacy that offers provable privacy guarantees has been proposed to train neural networks in a privacy-preserving manner to protect training data. However, many approaches tend to provide the worst case privacy guarantees for model publishing, inevitably impairing the accuracy of the trained models. In this paper, we present a novel private knowledge transfer strategy, where the private teacher trained on sensitive data is not publicly accessible but teaches a student to be publicly released. In particular, a three-player (teacher-student-discriminator) learning framework is proposed to achieve trade-off between utility and privacy, where the student acquires the distilled knowledge from the teacher and is trained with the discriminator to generate similar outputs as the teacher. We then integrate a differential privacy protection mechanism into the learning procedure, which enables a rigorous privacy budget for the training. The framework eventually allows student to be trained with only unlabelled public data and very few epochs, and hence prevents the exposure of sensitive training data, while ensuring model utility with a modest privacy budget. The experiments on MNIST, SVHN and CIFAR-10 datasets show that our students obtain the accuracy losses w.r.t teachers of 0.89%, 2.29%, 5.16%, respectively with the privacy bounds of (1.93, 10(-5)), (5.02, 10(-6)), (8.81, 10(-6)). When compared with the existing works [15, 20], the proposed work can achieve 582% accuracy loss improvement.

Fengqiong Wei,Wei Zhang,Yunfang Chen,Jingwen Zhao

DOI: https://doi.org/10.1007/978-3-030-01701-9_8

2018-01-01

Abstract:Differentially private data publication has recently received considerable attention. However, it faces some challenges in differentially private high-dimensional data publication, such as the complex attribute relationships, the high computational complexity and data sparsity. Therefore, we propose PrivMN, a novel method to publish high-dimensional data with differential privacy guarantee. We first use the Markov model to represent the mutual relationships between attributes to solve the problem that the direction of relationship between variables cannot be determined in practical application. We then take advantage of approximate inference to calculate the joint distribution of high-dimensional data under differential privacy to figure out the computational and spatial complexity of accurate reasoning. Extensive experiments on real datasets demonstrate that our solution makes the published high-dimensional synthetic datasets more efficient under the guarantee of differential privacy.

Dong Li,Xiaojiang Zuo,Rui Han

DOI: https://doi.org/10.1109/icsidp47821.2019.9173114

2019-01-01

Abstract:Using the machine learning technology to explore the potential value of Big Data brings us into a smarter world, and the way data is mined through data sharing patterns also threatens the privacy of personal data. Differential privacy is a prevalent mechanism to effectively protect the personal data privacy due to the strict and the provable privacy definition, although there are several achievements have reached by combining the differential privacy and traditional machine learning algorithms in a stand-alone mode, little to talk about the distributed environment. To fill this gap, this paper proposes a method to embed the differential privacy mechanism into distributed platform, respectively implements the DPLloyd, GUPT k-means and GUPT logistic regression on the platform of Spark. The evaluation demonstrates that the approach barely interferes the effect of distributed machine learning algorithms and thus achieves the goal of differential privacy.

Bangzhou Xin,Yangyang Geng,Teng Hu,Sheng Chen,Wei Yang,Shaowei Wang,Liusheng Huang

DOI: https://doi.org/10.1016/j.neucom.2021.10.027

IF: 6

2021-01-01

Neurocomputing

Abstract:Distributed machine learning has attracted much attention in the last decade with the widespread use of the Internet of Things. As a generative model, Generative Adversarial Network (GAN) has excellent empirical performance. However, the distributed storage of data and the fact that data cannot be shared for privacy reasons in a federated learning setting bring new challenges to training GAN. To address this issue, we propose private FL-GAN, a differentially private GAN based on federated learning. By strategically combining the Lipschitz condition with differential privacy sensitivity, our model can generate high-quality synthetic data without sacrificing the training data’s privacy. When communication between clients becomes the main bottleneck for federated learning, we propose to use a serialized model-training paradigm, which significantly reduces communication costs. Considering the distributed data is often non-IID in reality, which poses challenges to modeling, we further propose universal private FL-GAN to approach this problem. We not only theoretically prove that our algorithms can provide strict privacy guarantees with differential privacy, but also experimentally demonstrate that our models can generate satisfactory data while protecting the privacy of the training data, even if the data is non-IID.

Yuting Kong,Yurong Qian,Fuxiang Tan,Lu Bai,Jinxin Shao,Tinghuai Ma,Sergei Nikolayevich Tereshchenko

DOI: https://doi.org/10.3233/jifs-213564

2022-01-01

Journal of Intelligent & Fuzzy Systems

Abstract:Data clustering has been applied and developed in all walks of life, which can provide convenience for enterprise service optimization. However, when the original data to be analyzed contains users’ personal privacy information, the clustering analysis process of the data holder may expose users’ privacy. Differential privacy k-means algorithm is a clustering method based on differential privacy protection technology, which can solve the privacy disclosure problem in the process of data clustering. In the differential privacy k-means algorithm, Laplacian noise controlled by privacy parameter ɛ is added to the center point of clustering to protect user sensitive information and clustering results in the original data, but the addition of noise will affect the utility of clustering. In order to balance the availability and privacy of the differential privacy k-means clustering algorithm, the research on the improvement of the algorithm pays more attention to the selection of the initial clustering center or the optimization of the outlier processing, but does not consider the different contribution degree of each dimension data to the clustering. Therefore, this paper proposes a differential privacy CVDP k-means clustering algorithm based on coefficient of variation. The CVDP scheme first eliminates outliers in the original data through data density, and then designs weighted data point similarity calculation method and initial centroid selection method using variation coefficient. Experimental results show that CVDP k-means algorithm has some improvements in availability, performance and privacy.

Zhang Ji,Dong Xin,Yu Jiadi,Luo Yuan,Li Minglu,Wu Bin

DOI: https://doi.org/10.1109/cc.2014.7022529

2014-01-01

China Communications

Abstract:Multidimensional data provides enormous opportunities in a variety of applications. Recent research has indicated the failure of existing sanitization techniques (e.g., k-anonymity) to provide rigorous privacy guarantees. Privacypreserving multidimensional data publishing currently lacks a solid theoretical foundation. It is urgent to develop new techniques with provable privacy guarantees. is an element of-Differential privacy is the only method that can provide such guarantees. In this paper, we propose a multidimensional data publishing scheme that ensures is an element of-differential privacy while providing accurate results for query processing. The proposed solution applies nonstandard wavelet transforms on the raw multidimensional data and adds noise to guarantee is an element of-differential privacy. Then, the scheme processes arbitrarily queries directly in the noisy wavelet-coefficient synopses of relational tables and expands the noisy wavelet coefficients back into noisy relational tuples until the end result of the query. Moreover, experimental results demonstrate the high accuracy and effectiveness of our approach.

Mary Scott,Sayan Biswas,Graham Cormode,Carsten Maple

2024-11-25

Abstract:A key task in managing distributed, sensitive data is to measure the extent to which a distribution changes. Understanding this drift can effectively support a variety of federated learning and analytics tasks. However, in many practical settings sharing such information can be undesirable (e.g., for privacy concerns) or infeasible (e.g., for high communication costs). In this work, we describe novel algorithmic approaches for estimating the KL divergence of data across federated models of computation, under differential privacy. We analyze their theoretical properties and present an empirical study of their performance. We explore parameter settings that optimize the accuracy of the algorithm catering to each of the settings; these provide sub-variations that are applicable to real-world tasks, addressing different context- and application-specific trust level requirements. Our experimental results confirm that our private estimators achieve accuracy comparable to a baseline algorithm without differential privacy guarantees.

Machine Learning,Databases

Mingshuang Li,Yihui Zhou,Wenru Tang,Laifeng Lu

DOI: https://doi.org/10.1109/NaNA51271.2020.00022

2020-01-01

Abstract:As one of the important algorithms in data mining, clustering algorithm has a wide range of applications in the real world. However, clustering algorithms have the risk of privacy leakage, such as the k-modes algorithm for clustering categorical data. Therefore, this paper proposes k-Modes based clustering algorithms for categorical data satisfying differential privacy. In the process of clustering iteration, the Laplace mechanism, Gaussian mechanism or Exponential mechanism is used to interfere the clustering algorithm to protect the privacy of data. And, in order to improve the accuracy of the clustering results, we changed the selection method of the initial center points. At the end of the paper, we compare the influence of different differential privacy mechanisms on the accuracy of clustering algorithm through experiments.

Honglu Jiang,Haotian Yu,Xiuzhen Cheng,Jian Pei,Robert Pless,Jiguo Yu

DOI: https://doi.org/10.1109/tkde.2023.3265605

IF: 9.235

2023-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:A large amount of high-dimensional and heterogeneous data appear in practical applications, which are often published to third parties for data analysis, recommendations, targeted advertising, and reliable predictions. However, publishing these data may disclose personal sensitive information, resulting in an increasing concern on privacy violations. Privacy-preserving data publishing has received considerable attention in recent years. Unfortunately, the differentially private publication of high dimensional data remains a challenging problem. In this paper, we propose a differentially private high-dimensional data publication mechanism (DP2-Pub) that runs in two phases: a Markov-blanket-based attribute clustering phase and an invariant post randomization (PRAM) phase. Specifically, splitting attributes into several low-dimensional clusters with high intra-cluster cohesion and low inter-cluster coupling helps obtain a reasonable allocation of privacy budget, while a double-perturbation mechanism satisfying local differential privacy facilitates an invariant PRAM to ensure no loss of statistical information and thus significantly preserves data utility. We also extend our DP2-Pub mechanism to the scenario with a semi-honest server which satisfies local differential privacy. We conduct extensive experiments on four real-world datasets and the experimental results demonstrate that our mechanism can significantly improve the data utility of the published data while satisfying differential privacy.

Zhen Gu,Kejia Zhang,Guoyin Zhang

DOI: https://doi.org/10.1155/2022/5612794

IF: 1.968

2022-01-01

Security and Communication Networks

Abstract:Data are distributed between different parties. Collecting data from multiple parties for analysis and mining will serve people better. However, it also brings unprecedented privacy threats to the participants. Therefore, safe and reliable data publishing among multiple data owners is an urgent problem to be solved. We mainly study the problem of privacy protection in data publishing. For a centralized scenario, we propose the LDA-DP algorithm. First, the within-class mean vectors and the pooled within-class scatter matrix are perturbed by the Gaussian noise. Second, the optimal projection direction vector with differential privacy is obtained by the Fisher criterion. Finally, the low-dimensional projection data of the original data are obtained. For distributed scenarios, we propose the Mul-LDA-DP algorithm based on a blockchain and differential privacy technology. First, the within-class mean vectors and within-class scatter matrices of local data are perturbed by the Gaussian noise and uploaded to the blockchain network. Second, the projection direction vector is calculated in the blockchain network and returned to the data owner. Finally, the data owner uses the projection direction vector to generate low-dimensional projection data of the original data and upload it to the blockchain network for publishing. Furthermore, in a distributed scenario, we propose a correlated noise generation scheme that uses the additivity of the Gaussian distribution to mitigate the effects of noise and can achieve the same noise level as the centralized scenario. We measure the utility of the published data by the SVM misclassification rate. We conduct comparative experiments with similar algorithms on different real data sets. The experimental results show that the data released by the two algorithms can maintain good utility in SVM classification.

Ben Stoddard,Yan Chen,Ashwin Machanavajjhala

DOI: https://doi.org/10.48550/arXiv.1411.5428

IF: 5.414

2014-11-20

Machine Learning

Abstract:An important use of private data is to build machine learning classifiers. While there is a burgeoning literature on differentially private classification algorithms, we find that they are not practical in real applications due to two reasons. First, existing differentially private classifiers provide poor accuracy on real world datasets. Second, there is no known differentially private algorithm for empirically evaluating the private classifier on a private test dataset. In this paper, we develop differentially private algorithms that mirror real world empirical machine learning workflows. We consider the private classifier training algorithm as a blackbox. We present private algorithms for selecting features that are input to the classifier. Though adding a preprocessing step takes away some of the privacy budget from the actual classification process (thus potentially making it noisier and less accurate), we show that our novel preprocessing techniques significantly increase classifier accuracy on three real-world datasets. We also present the first private algorithms for empirically constructing receiver operating characteristic (ROC) curves on a private test set.

Zhiguang Chu,Jingsha He,Xiaolei Zhang,Xing Zhang,Nafei Zhu

DOI: https://doi.org/10.3390/electronics12091959

IF: 2.9

2023-01-01

Electronics

Abstract:As a social information product, the privacy and usability of high-dimensional data are the core issues in the field of privacy protection. Feature selection is a commonly used dimensionality reduction processing technique for high-dimensional data. Some feature selection methods only process some of the features selected by the algorithm and do not take into account the information associated with the selected features, resulting in the usability of the final experimental results not being high. This paper proposes a hybrid method based on feature selection and a cluster analysis to solve the data utility and privacy problems of high-dimensional data in the actual publishing process. The proposed method is divided into three stages: (1) screening features; (2) analyzing the clustering of features; and (3) adaptive noise. This paper uses the Wisconsin Breast Cancer Diagnostic (WDBC) database from UCI’s Machine Learning Library. Using classification accuracy to evaluate the performance of the proposed method, the experiments show that the original data are processed by the algorithm in this paper while protecting the sensitive data information while retaining the contribution of the data to the diagnostic results.